Privacy Policy

 

Table of contents

  • Pream­ble
  • Controller
  • Contact Infor­ma­tion of the Data protec­tion officer
  • Overview of Process­ing Operations
  • Legal Bases for the Processing
  • Secu­ri­ty Precautions
  • Trans­mis­sion and Disclo­sure of Person­al Data
  • Use of Cook­ies and Cook­ie Manage­ment Solution
  • Commer­cial Services
  • Provi­sion of Online services and Web hosting
  • Special Notes on Appli­ca­tions (Apps)
  • Contact­ing us
  • Video Confer­ences, Online Meet­ings, Webi­na­rs and Screen-Sharing
  • Job Appli­ca­tion Process
  • Cloud Services
  • Newslet­ter and Elec­tron­ic Communications
  • Commer­cial Commu­ni­ca­tion by E‑Mail, Postal Mail, Fax or Telephone
  • Surveys and Questionnaires
  • Web Analy­sis, Moni­tor­ing and Optimization
  • Online­mar­ket­ing
  • Rating Plat­forms
  • Profiles in Social Networks (Social Media)
  • Plug­ins and embed­ded func­tions and content
  • Plan­ning, Orga­ni­za­tion and Utilities
  • Dele­tion of Data
  • Changes and Updates to the Priva­cy Policy
  • Rights of Data Subjects
  • Termi­nol­o­gy & Definitions

 

Preamble

With the follow­ing data protec­tion decla­ra­tion, we would like to inform you about the types of your person­al data (here­inafter also referred to as “data”) that we process, for what purpos­es and to what extent in the context of provi­sion of our application.

Any terms used here­after are not gender-specific.

As at 1st July 2024

Controller

Valdivia Consult­ing GmbH
Taunu­san­lage 9–10
60313 Frank­furt am Main
Germany

Regis­ter Court: Frank­furt Local Court, HRB 128860
Regis­tered office of the compa­ny: Frank­furt am Main

Autho­rised Repre­sen­ta­tive: Mr. Daniel Bauer
Email address: kontakt@valdivia-consulting.com
Phone: +49 69 348 685 320
Website:  www.valdivia-consulting.com

Data protec­tion enquiries

Should you have any ques­tions regard­ing the collec­tion, process­ing or use of your person­al data, such as infor­ma­tion, correc­tion, block­ing or dele­tion of data or other topics relat­ed to data protec­tion law, please contact our data protec­tion team at the follow­ing e‑mail address: datenschutz@valdivia-consulting.com.

Data protec­tion officer

Should you wish to contact our desig­nat­ed data protec­tion offi­cer in confi­dence, you may reach Mr Patrick Knit­tel (Knit­tel Acad­e­my for Data Protec­tion & Compli­ance) by e‑mail: dsb@knittel-compliance.de.

Overview of processing operations

The follow­ing table summaris­es the types of data processed, the purpos­es for which they are processed and the concerned data subjects.

Cate­gories of Processed Data

  • Inven­to­ry data (e.g. names, address­es, etc.)).
  • Candi­date data (e.g. names, addresses).
  • Appli­cant data (e.g. names, addresses).
  • Job appli­cant details (e.g. person­al data, postal and contact address­es and the docu­ments pertain­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letter, curricu­lum vitae, certifi­cates, etc., as well as other infor­ma­tion on the person or qual­i­fi­ca­tions of appli­cants provid­ed with regard to a specif­ic job or volun­tar­i­ly by applicants).
  • Content data (e.g. text input, photographs, videos).
  • Contact data (e.g. e‑mail, tele­phone numbers).
  • Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Usage data (e.g. websites visit­ed, inter­est in content, access times).
  • Loca­tion data (Infor­ma­tion on the geograph­i­cal posi­tion of a device or person).
  • Contract data (e.g. contract object, dura­tion, customer category).
  • Payment Data (e.g. bank details, invoic­es, payment history).

 

Cate­gories of Data Subjects

  • Employ­ees (e.g. Employ­ees, job applicants).
  • Job appli­cants and candidates
  • Busi­ness and contrac­tu­al partners.
  • Prospec­tive customers.
  • Commu­ni­ca­tion part­ners (recip­i­ents of e‑mails, letters, etc.).
  • Customers
  • Users (e.g. website visi­tors, users of online services).

 

Purpos­es of Processing

  • Provi­sion of our online services and usability.
  • Conver­sion track­ing (Measure­ment of the effec­tive­ness of market­ing activities).
  • Job Appli­ca­tion Process (Estab­lish­ment and possi­ble later execu­tion as well as possi­ble later termi­na­tion of the employ­ment relationship).
  • Office and organ­i­sa­tion­al procedures.
  • Direct market­ing (e.g. by e‑mail or postal).
  • Feed­back (e.g. collect­ing feed­back via online form).
  • Inter­est-based and behav­iour­al marketing.
  • Contact requests and communication.
  • Profil­ing (Creat­ing user profiles).
  • Remar­ket­ing.
  • Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty measures.
  • Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cookies).
  • Provi­sion of contrac­tu­al services and customer support.
  • Manag­ing and respond­ing to inquiries.

 

Legal Bases for the Processing

In the follow­ing we inform you about the legal basis of the Gener­al Data Protec­tion Regu­la­tion (GDPR), on the basis of which we process person­al data. Please note that, in addi­tion to the regu­la­tions of the GDPR, the nation­al data protec­tion regu­la­tions may apply in your coun­try or in our coun­try of resi­dence or domi­cile. If, in addi­tion, more specif­ic legal bases are applic­a­ble in indi­vid­ual cases, we will inform you of these in the data protec­tion declaration.

  • Consent (Arti­cle 6 (1) (a) GDPR) — The data subject has given consent to the process­ing of his or her person­al data for one or more specif­ic purposes.
  • Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR) — Perfor­mance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to enter­ing into a contract.
  • Compli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR) — Process­ing is neces­sary for compli­ance with a legal oblig­a­tion to which the controller is subject.
  • Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR) — Process­ing is neces­sary for the purpos­es of the legit­i­mate inter­ests pursued by the controller or by a third party, except where such inter­ests are over­rid­den by the inter­ests or funda­men­tal rights and free­doms of the data subject which require protec­tion of person­al data.
  • Job appli­ca­tion process as a pre-contrac­tu­al or contrac­tu­al rela­tion­ship (Arti­cle 9 (2)(b) GDPR) — If special cate­gories of person­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped status or ethnic origin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion proce­dure, so that the respon­si­ble person or the person concerned can carry out the oblig­a­tions and exer­cis­ing specif­ic rights of the controller or of the data subject in the field of employ­ment and social secu­ri­ty and social protec­tion law, their process­ing shall be carried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the protec­tion of vital inter­ests of appli­cants or other persons on the basis of Arti­cle 9 (2)© GDPR or for the purpos­es of preven­tive health care or occu­pa­tion­al medi­cine, for the assess­ment of the employee’s abil­i­ty to work, for medical diag­nos­tics, care or treat­ment in the health or social sector or for the admin­is­tra­tion of systems and services in the health or social sector in accor­dance with Arti­cle 9 (2)(d) GDPR. In the case of a commu­ni­ca­tion of special cate­gories of data based on volun­tary consent, their process­ing is carried out on the basis of Arti­cle 9 (2)(a) GDPR.

 

Nation­al data protec­tion regu­la­tions in Germany: In addi­tion to the data protec­tion regu­la­tions of the Gener­al Data Protec­tion Regu­la­tion, nation­al regu­la­tions apply to data protec­tion in Germany. This includes in partic­u­lar the Law on Protec­tion against Misuse of Person­al Data in Data Process­ing (Feder­al Data Protec­tion Act — BDSG). In partic­u­lar, the BDSG contains special provi­sions on the right to access, the right to erase, the right to object, the process­ing of special cate­gories of person­al data, process­ing for other purpos­es and trans­mis­sion as well as auto­mat­ed indi­vid­ual deci­sion-making, includ­ing profil­ing. Further­more, it regu­lates data process­ing for the purpos­es of the employ­ment rela­tion­ship (§ 26 BDSG), in partic­u­lar with regard to the estab­lish­ment, execu­tion or termi­na­tion of employ­ment rela­tion­ships as well as the consent of employ­ees. Further­more, data protec­tion laws of the indi­vid­ual feder­al states may apply.

 

Security Precautions

We take appro­pri­ate tech­ni­cal and organ­i­sa­tion­al measures in accor­dance with the legal require­ments, taking into account the tech­ni­cal status quo, the costs of imple­men­ta­tion and the nature, scope, context and purpos­es of process­ing as well as the risk of vary­ing like­li­hood and sever­i­ty for the rights and free­doms of natur­al persons, in order to ensure a level of secu­ri­ty appro­pri­ate to the risk.

The measures include, in partic­u­lar, safe­guard­ing the confi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by control­ling phys­i­cal and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sepa­ra­tion of the data. In addi­tion, we have estab­lished proce­dures to ensure that data subjects’ rights are respect­ed, that data is delet­ed, and that we are prepared to respond to data threats rapid­ly. Further­more, we take the protec­tion of person­al data into account as early as the devel­op­ment or selec­tion of hard­ware, soft­ware and service providers, in accor­dance with the prin­ci­ple of priva­cy by design and priva­cy by default.

SSL encryp­tion (https): In order to protect your data trans­mit­ted via our online services in the best possi­ble way, we use SSL encryp­tion. You can recog­nize such encrypt­ed connec­tions by the prefix https:// in the address bar of your browser.

 

Processing and Disclosure of Personal Data

In the context of our process­ing of person­al data, it may happen that the data is trans­ferred to other places, compa­nies or persons or that it is disclosed to them. Recip­i­ents of this data may include, for exam­ple, payment insti­tu­tions with­in the context of payment trans­ac­tions, service providers commis­sioned with IT tasks or providers of services and content that are embed­ded in a website. In such a case, the legal require­ments will be respect­ed and in partic­u­lar corre­spond­ing contracts or agree­ments, which serve the protec­tion of your data, will be conclud­ed with the recip­i­ents of your data.

Data Trans­mis­sion with­in the Group of Compa­nies: We may trans­fer person­al data to other compa­nies with­in our group of compa­nies or other­wise grant them access to this data. Inso­far as this disclo­sure is for admin­is­tra­tive purpos­es, the disclo­sure of the data is based on our legit­i­mate busi­ness and econom­ic inter­ests or other­wise, if it is neces­sary to fulfill our contrac­tu­al oblig­a­tions or if the consent of the data subjects or other­wise a legal permis­sion is present.

 

Use of Cookies and Cookie Management Solution

Cook­ies are text files that contain data from visit­ed websites or domains and are stored by a brows­er on the user’s comput­er. A cook­ie is primar­i­ly used to store infor­ma­tion about a user during or after his visit with­in an online service. The infor­ma­tion stored can include, for exam­ple, the language settings on a website, the login status, a shop­ping basket or the loca­tion where a video was viewed. The term “cook­ies” also includes other tech­nolo­gies that fulfil the same func­tions as cook­ies (e.g. if user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also referred to as “user IDs”).

The follow­ing types and func­tions of cook­ies are distinguished:

  • Tempo­rary cook­ies (also: session cook­ies): Tempo­rary cook­ies are delet­ed at the latest after a user has left an online service and closed his browser.
  • Perma­nent cook­ies: Perma­nent cook­ies remain stored even after clos­ing the brows­er. For exam­ple, the login status can be saved or preferred content can be displayed direct­ly when the user visits a website again. The inter­ests of users who are used for range measure­ment or market­ing purpos­es can also be stored in such a cookie.
  • First party cook­ies: First-party-Cook­ies are set by ourselves.
  • Third party cook­ies: Third party cook­ies are main­ly used by adver­tis­ers (so-called third parties) to process user information.
  • Neces­sary (also: essen­tial or vital) cook­ies: Cook­ies can be neces­sary for the oper­a­tion of a website (e.g. to save logins or other user inputs or for secu­ri­ty reasons).
  • Statis­tics, market­ing and person­al­i­sa­tion cook­ies: Cook­ies are also gener­al­ly used to measure a website’s reach and when a user’s inter­ests or behav­iour (e.g. view­ing certain content, using func­tions, etc.) are stored on indi­vid­ual websites in a user profile. Such profiles are used, for exam­ple, to display content to users that corre­sponds to their poten­tial inter­ests. This proce­dure is also referred to as “track­ing”, i.e. track­ing the poten­tial inter­ests of users. If we use cook­ies or “track­ing” tech­nolo­gies, we will inform you sepa­rate­ly in our priva­cy poli­cy or in the context of obtain­ing consent.

 

Infor­ma­tion on legal basis: The legal basis on which we process your person­al data with the help of cook­ies depends on whether we ask you for your consent. If this applies and you consent to the use of cook­ies, the legal basis for process­ing your data is your declared consent. Other­wise, the data processed with the help of cook­ies will be processed on the basis of our legit­i­mate inter­ests (e.g. in a busi­ness oper­a­tion of our online service and its improve­ment) or, if the use of cook­ies is neces­sary to fulfill our contrac­tu­al obligations.

Reten­tion peri­od: Unless we provide you with explic­it infor­ma­tion on the reten­tion peri­od of perma­nent cook­ies (e.g. with­in the scope of a so-called cook­ie opt-in), please assume that the reten­tion peri­od can be as long as two years.

Gener­al infor­ma­tion on with­draw­al of consent and objec­tion (Opt-Out): Depend­ing on whether process­ing is based on consent or legal permis­sion, you have the option at any time to object to the process­ing of your data using cook­ie tech­nolo­gies or to revoke consent (collec­tive­ly referred to as “opt-out”). You can initial­ly explain your objec­tion using the settings of your brows­er, e.g. by deac­ti­vat­ing the use of cook­ies (which may also restrict the func­tion­al­i­ty of our online services). An objec­tion to the use of cook­ies for online market­ing purpos­es can be raised for a large number of services, espe­cial­ly in the case of track­ing, via the websites https://www.aboutads.info/choices/ and https://www.youronlinechoices.com. In addi­tion, you can receive further infor­ma­tion on objec­tions in the context of the infor­ma­tion on the used service providers and cookies.

Process­ing Cook­ie Data on the basis of consent: We use — with GDPR Cook­ie Compli­ance Plug­in (https://wordpress.org/plugins/gdpr-cookie-compliance/) — a cook­ie manage­ment solu­tion in which users’ consent to the use of cook­ies, or the proce­dures and providers mentioned in the cook­ie manage­ment solu­tion, can be obtained, managed and revoked by the users. The decla­ra­tion of consent is stored so that it does not have to be retrieved again and the consent can be proven in accor­dance with the legal oblig­a­tion. Stor­age can take place serv­er-sided and/or in a cook­ie (so-called opt-out cook­ie or with the aid of compa­ra­ble tech-nolo­gies) in order to be able to assign the consent to a user or and/or his/her device. Subject to indi­vid­ual details of the providers of cook­ie manage­ment services, the follow­ing infor­ma­tion applies: The dura­tion of the stor­age of the consent can be up to two years. In this case, a pseu­do­ny­mous user iden­ti­fi­er is formed and stored with the date/time of consent, infor­ma­tion on the scope of the consent (e.g. which cate­gories of cook­ies and/or service providers) as well as the brows­er, system and used end device.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Commercial Services

We process data of our contrac­tu­al and busi­ness part­ners, e.g. customers and inter­est­ed parties (collec­tive­ly referred to as “contrac­tu­al part­ners”) with­in the context of contrac­tu­al and compa­ra­ble legal rela­tion­ships as well as asso­ci­at­ed actions and commu­ni­ca­tion with the contrac­tu­al part­ners or pre-contrac­tu­al­ly, e.g. to answer inquiries.

We process this data in order to fulfil our contrac­tu­al oblig­a­tions, safe­guard our rights and for the purpos­es of the admin­is­tra­tive tasks asso­ci­at­ed with this data and the busi­ness-relat­ed organ­i­sa­tion. We will only pass on the data of the contrac­tu­al part­ners with­in the scope of the applic­a­ble law to third parties inso­far as this is neces­sary for the afore­men­tioned purpos­es or for the fulfil­ment of legal oblig­a­tions or with the consent of data subjects concerned (e.g. telecom­mu­ni­ca­tions, trans­port and other auxil­iary services as well as subcon­trac­tors, banks, tax and legal advi­sors, payment service providers or tax author­i­ties). The contrac­tu­al part­ners will be informed about further process­ing, e.g. for market­ing purpos­es, as part of this priva­cy policy.

We inform the contract­ing part­ners before or in the context of the data collec­tion, e.g. in online forms by special mark­ing (e.g. colors), and/or symbols (e.g. aster­isks or the like), or person­al­ly which data Is neces­sary for the afore­men­tioned purposes,

We delete the data after expiry of statu­to­ry warran­ty and compa­ra­ble oblig­a­tions, i.e. in prin­ci­ple after expiry of 4 years, unless the data is stored in a customer account or must be kept for legal reasons of archiv­ing (e.g., as a rule 10 years for tax purpos­es). In the case of data disclosed to us by the contrac­tu­al part­ner with­in the context of an assign­ment, we delete the data in accor­dance with the spec­i­fi­ca­tions of the assign­ment, in gener­al after the end of the assignment.

If we use third-party providers or plat­forms to provide our services, the terms and condi­tions and priva­cy poli­cies of the respec­tive third-party providers or plat­forms shall apply in the rela­tion­ship between the users and the providers.

Client Portal (Customer Account): Contrac­tu­al part­ners can create an account (Client Portal) with­in our CRM. If regis­tra­tion of a Client Portal is required, Contrac­tu­al Part­ners will be informed of this and of the details required for regis­tra­tion. The Client Portal is not public and cannot be indexed by search engines. With­in the scope of regis­tra­tion and subse­quent logins and use of the Client Portal, we store the IP address­es of the customers togeth­er with the access times in order to be able to prove the regis­tra­tion and to prevent possi­ble misuse of the customer account.

If customers have termi­nat­ed their customer account, the data relat­ing to the customer account will be delet­ed, unless their reten­tion is required for legal reasons. It is the respon­si­bil­i­ty of the customer to back up their data upon success­ful termi­na­tion of the customer account.

Consult­ing: We process the data of our clients, clients as well as inter­est­ed parties and other clients or contrac­tu­al part­ners (uniform­ly referred to as “clients”) in order to provide them with our consult­ing services. The data processed, the type, scope and purpose of the process­ing and the neces­si­ty of its process­ing are deter­mined by the under­ly­ing contrac­tu­al and client relationship.

Inso­far as it is neces­sary for the fulfil­ment of our contract, for the protec­tion of vital inter­ests or by law, or with the consent of the client, we disclose or trans­fer the client’s data to third parties or agents, such as author­i­ties, courts, subcon­trac­tors or in the field of IT, office or compa­ra­ble services, taking into account the profes­sion­al requirements.

Recruit­ing and Consult­ing Services: As part of our services, which include in partic­u­lar the search for, contact­ing and place­ment of poten­tial job candi­dates, we process the data of the job candi­dates and the person­al data of poten­tial employ­ers or their employees.

We process the infor­ma­tion and contact data provid­ed by the job candi­dates for the purpos­es of estab­lish­ing, imple­ment­ing and, if neces­sary, termi­nat­ing a job place­ment contract. In addi­tion, we can ask inter­est­ed parties ques­tions about the success of our recruit­ing services at a later date, in accor­dance with legal requirements.

We process the data of the job candi­dates, as well as of the employ­ers, in order to fulfil our contrac­tu­al oblig­a­tions, in order to process the requests, we receive for the place­ment of jobs to the satis­fac­tion of the parties involved.

We can record the recruit­ing process­es in order to be able to prove the exis­tence of the contrac­tu­al rela­tion­ship and the consent of the inter­est­ed parties in accor­dance with the statu­to­ry account­abil­i­ty oblig­a­tions (Arti­cle 5 (2) GDPR). This infor­ma­tion will be stored for a peri­od of three to four years if we need to prove the orig­i­nal contact request (e.g. to prove eligi­bil­i­ty to contact the job candidates).

Further infor­ma­tion on commer­cial services: We process the data of our customers and clients (here­inafter uniform­ly referred to as “customers”) in order to enable them to select, acquire or commis­sion the select­ed services or works and relat­ed tasks, as well as their payment and deliv­ery, or execu­tion or provision.

The required details are iden­ti­fied as such with­in the frame­work of the conclu­sion of the order, order or compa­ra­ble contract and include the details required for service provi­sion and invoic­ing as well as contact infor­ma­tion in order to be able to hold any consultations.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Payment Data (e.g. bank details, invoic­es, payment histo­ry), Contact data (e.g. e‑mail, tele­phone numbers), Contract data (e.g. contract object, dura­tion, customer cate­go­ry), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Job appli­cant details (e.g. Person­al data, postal and contact address­es and the docu­ments pertain­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letter, curricu­lum vitae, certifi­cates, etc., as well as other infor­ma­tion on the person or qual­i­fi­ca­tions of appli­cants provid­ed with regard to a specif­ic job or volun­tar­i­ly by applicants).
  • Data subjects: Prospec­tive customers, Busi­ness and contrac­tu­al part­ners, Customers, Job applicants.
  • Purpos­es of Process­ing: Provi­sion of contrac­tu­al services and customer support, Contact requests and commu­ni­ca­tion, Office and organ­i­sa­tion­al proce­dures, Manag­ing and respond­ing to inquiries, Secu­ri­ty measures.
  • Legal Basis: Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Compli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Provision of online services and web hosting

In order to provide our online services secure­ly and effi­cient­ly, we use the services of one or more web host­ing providers from whose servers (or servers they manage) the online services can be accessed. For these purpos­es, we may use infra­struc­ture and plat­form services, comput­ing capac­i­ty, stor­age space and data­base services, as well as secu­ri­ty and tech­ni­cal main­te­nance services.

The data processed with­in the frame­work of the provi­sion of the host­ing services may include all infor­ma­tion relat­ing to the users of our online services that is collect­ed in the course of use and commu­ni­ca­tion. This regu­lar­ly includes the IP address, which is neces­sary to be able to deliv­er the contents of online services to browsers, and all entries made with­in our online services or from websites.

E‑mail Send­ing and Host­ing: The web host­ing services we use also include send­ing, receiv­ing and stor­ing e‑mails. For these purpos­es, the address­es of the recip­i­ents and senders, as well as other infor­ma­tion relat­ing to the send­ing of e‑mails (e.g. the providers involved) and the contents of the respec­tive e‑mails are processed. The above data may also be processed for SPAM detec­tion purpos­es. Please note that e‑mails on the Inter­net are gener­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed during trans­port, but not on the servers from which they are sent and received (unless a so-called end-to-end encryp­tion method is used). We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of e‑mails between the sender and recep­tion on our server.

Collec­tion of Access Data and Log Files: We, ourselves or our web host­ing provider, collect data on the basis of each access to the serv­er (so-called serv­er log files). Serv­er log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes trans­ferred, noti­fi­ca­tion of success­ful access, brows­er type and version, the user’s oper­at­ing system, refer­rer URL (the previ­ous­ly visit­ed page) and, as a gener­al rule, IP address­es and the request­ing provider.

The serv­er log files can be used for secu­ri­ty purpos­es, e.g. to avoid over­load­ing the servers (espe­cial­ly in the case of abusive attacks, so-called DDoS attacks) and to ensure the stabil­i­ty and opti­mal load balanc­ing of the servers.

  • Processed data types: Content data (e.g. text input Into online forms), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Special Notes on Applications (Apps)

We process the data of the users of our appli­ca­tion to the extent neces­sary to provide the users with the appli­ca­tion and its func­tion­al­i­ties, to moni­tor its secu­ri­ty and to devel­op it further. Further­more, we may contact users in compli­ance with the statu­to­ry provi­sions if commu­ni­ca­tion is neces­sary for the purpos­es of admin­is­tra­tion or use of the appli­ca­tion. In addi­tion, we refer to the data protec­tion infor­ma­tion in this priva­cy poli­cy with regard to the process­ing of user data.

Legal basis: The process­ing of data neces­sary for the provi­sion of the func­tion­al­i­ties of the appli­ca­tion serves to fulfil contrac­tu­al oblig­a­tions. This also applies if the provi­sion of the func­tions requires user autho­ri­sa­tion (e.g. release of device func­tions). If the process­ing of data is not neces­sary for the provi­sion of the func­tion­al­i­ties of the appli­ca­tion, but serves the secu­ri­ty of the appli­ca­tion or our busi­ness inter­ests (e.g. collec­tion of data for the purpose of opti­mis­ing the appli­ca­tion or secu­ri­ty purpos­es), it is carried out on the basis of our legit­i­mate inter­ests. If users are express­ly request­ed to give their consent to the process­ing of their data, the data covered by the consent is processed on the basis of the consent.

Commer­cial use: We process the data of the users of our appli­ca­tion, regis­tered and any test users (here­inafter uniform­ly referred to as “users”) in order to provide them with our contrac­tu­al services and on the basis of legit­i­mate inter­ests to ensure the secu­ri­ty of our appli­ca­tion and to devel­op it further. The required details are iden­ti­fied as such with­in the scope of the conclu­sion of a contract for the use of the appli­ca­tion, the conclu­sion of an order, an order or a compa­ra­ble contract and may include the details required for the provi­sion of services and any invoic­ing as well as contact infor­ma­tion in order to be able to hold any consultations.

Device autho­riza­tions for access to func­tions and data: The use of certain func­tions of our appli­ca­tion may require access to the camera and the stored record­ings of the users. By default, these autho­riza­tions must be grant­ed by the user and can be revoked at any time in the settings of the respec­tive devices. The exact proce­dure for control­ling app permis­sions may depend on the user’s device and soft­ware. Users can contact us if they require further expla­na­tion. We would like to point out that the refusal or revo­ca­tion of the respec­tive autho­riza­tions can affect the func­tion­al­i­ty of our application.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Payment Data (e.g. bank details, invoic­es, payment histo­ry), Contract data (e.g. contract object, dura­tion, customer category).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Provi­sion of contrac­tu­al services and customer support.
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Contacting us

When contact­ing us (e.g. by contact form, e‑mail, tele­phone or via social media), the data of the inquir­ing persons are processed inso­far as this is neces­sary to answer the contact enquiries and any request­ed activities.

The response to contact enquiries with­in the frame­work of contrac­tu­al or pre-contrac­tu­al rela­tion­ships is made in order to fulfil our contrac­tu­al oblig­a­tions or to respond to (pre)contractual enquiries and other­wise on the basis of the legit­i­mate inter­ests in respond­ing to the enquiries.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Contact requests and communication.
  • Legal Basis: Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Video Conferences, Online Meetings, Webinars and Screen-Sharing

We use third-party plat­forms and appli­ca­tions (here­inafter referred to as “third party providers”) for the purpos­es of conduct­ing video and audio confer­ences, webi­na­rs and other types of video and audio meet­ings. When select­ing third-party providers and their services, we observe the legal requirements.

In this context, data of the commu­ni­ca­tion partic­i­pants will be processed and stored on the servers of third parties, as far as these are part of commu­ni­ca­tion process­es with us. This data may include, but is not limit­ed to, regis­tra­tion and contact details, visu­al and voice contri­bu­tions, chat entries and shared screen content.

If users are referred to the third-party providers or their soft­ware or plat­forms in the context of commu­ni­ca­tion, busi­ness or other rela­tion­ships with us, the third-party provider process­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty purpos­es, service opti­mi­sa­tion or market­ing purpos­es. We there­fore ask you to observe the data protec­tion infor­ma­tion of the respec­tive third party providers.

Infor­ma­tion on legal basis: If we ask the users for their consent to the use of third party providers or certain func­tions (e.g. permis­sion to record conver­sa­tions), the legal basis of the process­ing is consent. Further­more, the process­ing can be a compo­nent of our (pre)contractual services, provid­ed that the use of the third party was agreed with­in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­est in effi­cient and secure commu­ni­ca­tion with our commu­ni­ca­tion part­ners. In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.), Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Provi­sion of contrac­tu­al services and customer support, Contact requests and commu­ni­ca­tion, Office and organ­i­sa­tion­al proce­dures, Direct market­ing (e.g. by e‑mail or postal).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Job Application Process of candidates and applicants

The appli­ca­tion process requires appli­cants to provide us with the data neces­sary for their assess­ment and selec­tion. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion contained therein.

In prin­ci­ple, the required infor­ma­tion includes person­al infor­ma­tion such as name, address, a contact option and proof of the qual­i­fi­ca­tions required for a partic­u­lar employ­ment. Upon request, we will be happy to provide you with addi­tion­al information.

a) Job appli­ca­tion process for candidates
If made avail­able, appli­cants can submit their appli­ca­tions via an online contact form. The data will be trans­mit­ted to us encrypt­ed accord­ing to the state of the art. Appli­cants can also send us their appli­ca­tions by e‑mail.

Please note, howev­er, that e‑mails on the Inter­net are gener­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed during trans­port, but not on the servers from which they are sent and received. We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the recep­tion on our server.

For the purpos­es of search­ing for candi­dates, submit­ting appli­ca­tions and select­ing candi­dates, we may make use of the appli­cant manage­ment and recruit­ment soft­ware, plat­forms and services of third-party providers in compli­ance with legal requirements.

Candi­dates are welcome to contact us about how to submit their appli­ca­tion or send it to us by regu­lar mail.

Process­ing of special cate­gories of data: If special cate­gories of person­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped status or ethnic origin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion proce­dure, so that the respon­si­ble person or the person concerned can exer­cise his/her rights aris­ing from labour law and social secu­ri­ty and social protec­tion law and fulfil his/her duties in this regard, their process­ing shall be carried out in accor­dance with Arti­cle 9 (1)(b) GDPR, in the case of the protec­tion of vital inter­ests of appli­cants or other persons pursuant to Arti­cle 9 (1)© GDPR or for the purpos­es of preven­tive health care or occu­pa­tion­al medi­cine, for the assess­ment of the employee’s abil­i­ty to work, for medical diag­nos­tics, care or treat­ment in the health or social sector or for the admin­is­tra­tion of systems and services in the health or social sector in accor­dance with Arti­cle 9 (1)(h) GDPR. In the case of a commu­ni­ca­tion of special cate­gories of data based on volun­tary consent, their process­ing is carried out on the basis of Arti­cle 9 (1)(a) GDPR.

Dele­tion of Data:
In the event of a success­ful appli­ca­tion, the data provid­ed by the appli­cants may be further processed by us for the purpos­es of the employ­ment relationship.

Admis­sion to a talent pool: Admis­sion to a talent pool, if offered, is based on consent. Appli­cants are informed that their consent to be includ­ed in the talent pool is volun­tary, has no influ­ence on the current appli­ca­tion process and that they can revoke their consent at any time for the future.

Having regis­tered with us as a candi­date, suit­able job offers will be coor­di­nat­ed with the candi­date after prior autho­ri­sa­tion to do so and submit­ted by e‑mail.

If the candi­date is inter­est­ed, the respec­tive appli­ca­tion will be present­ed to a poten­tial employ­er for review and assessment.

Should an appli­ca­tion for a job offer not be success­ful and the candi­date does not wish to be contact­ed further, the candidate’s data will be deleted.

Howev­er, in the event that the candi­date wish­es a contin­u­a­tion of our candi­date services and/ or be approached In rela­tion to other poten­tial employ­ers, further offers will be made to the candi­date depend­ing on profile and inter­est — if available.

If the first place­ment or, if applic­a­ble, a further place­ment is not success­ful, the candidate’s data will remain in the candi­date database.

The candidate’s data will be delet­ed from the candi­date data­base auto­mat­i­cal­ly after a peri­od of two years, unless the candi­date supplies a renew­al of his/her consent to the stor­age and process­ing of his/her data.

Candi­date data will also be delet­ed if an appli­ca­tion is with­drawn, which candi­dates are enti­tled to do at any time.

  • Processed data types: Job appli­cant details (e.g. Person­al data, postal and contact address­es and the docu­ments pertain­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letter, curricu­lum vitae, certifi­cates, etc., as well as other infor­ma­tion on the person or qual­i­fi­ca­tions of appli­cants provid­ed with regard to a specif­ic job or volun­tar­i­ly by applicants).
  • Data subjects: Candidates
  • Purpos­es of Process­ing: Job Appli­ca­tion Process (Reason for process­ing purpos­es and possi­ble later perfor­mance as well as possi­ble later termi­na­tion of the employ­ment relationship).
  • Legal Basis: Job appli­ca­tion process as a pre-contrac­tu­al or contrac­tu­al rela­tion­ship (Arti­cle 9 (2)(b) GDPR).

 

Services and service providers being used:

 

b) Job appli­ca­tion with Valdivia for an inter­nal vacancy
The appli­ca­tion proce­dure requires that appli­cants provide us with the data required for their assess­ment and selec­tion by e‑mail. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the details provid­ed there.

In prin­ci­ple, the required infor­ma­tion includes person­al infor­ma­tion such as name, address, contact details and proof of the qual­i­fi­ca­tions required for a posi­tion. Upon request, addi­tion­al infor­ma­tion as to which details are required can be provided.

In case an online form Is provid­ed,  appli­cants may express and submit their inter­est by way of the afore­men­tioned form. The data will be trans­mit­ted to us in encrypt­ed form in accor­dance with the current tech­ni­cal means applied. Appli­cants can also submit their appli­ca­tions by e‑mail. Please note, howev­er, that e‑mails sent via the Inter­net are gener­al­ly not encrypt­ed. As a rule, e‑mails are encrypt­ed in tran­sit, but not on the servers from which they are sent and received. There­fore, Valdivia cannot assume any respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the receipt on our server.

For the purpos­es of appli­cant search, submis­sion of appli­ca­tions and selec­tion of appli­cants, third party appli­cant manage­ment or recruit­ment soft­ware and plat­forms and services may be used in accor­dance with current legislation,

Appli­cants are welcome to contact Valdivia regard­ing the method of appli­ca­tion submission.

Noti­fi­ca­tion of the special cate­gories of data and their process­ing as regu­lat­ed by Art. 9 para. 2 lit. a. GDPR.

Dele­tion of data: In the event of a success­ful appli­ca­tion, the data provid­ed by the appli­cants may be further processed by us for the purpos­es of the employ­ment relationship.

Regis­tra­tion in applicant/talent pool: Prior consent is a prereq­ui­site for regis­tra­tion in an appli­cant pool, if offered. Appli­cants are informed that their consent to inclu­sion in the applicant/talent pool is volun­tary, has no influ­ence on the current appli­ca­tion proce­dure and that they can revoke their consent at any time for the future.

  • Types of data processed: Appli­cant data (e.g. person­al details, postal and contact address­es, the docu­ments relat­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letters, CVs, certifi­cates and other infor­ma­tion provid­ed by appli­cants volun­tar­i­ly or with regard to a specif­ic position).
  • Data subjects: Applicant
  • Purpos­es of process­ing: Appli­ca­tion proce­dure (estab­lish­ment and possi­ble subse­quent imple­men­ta­tion as well as possi­ble subse­quent termi­na­tion of the employ­ment relationship).
  • Legal basis: Appli­ca­tion proce­dure as a pre-contrac­tu­al or contrac­tu­al rela­tion­ship (Art. 9(2)(b) GDPR).

 

Services and service providers being used:

 

Cloud Services

We use Inter­net-acces­si­ble soft­ware services (so-called “cloud services”, also referred to as “Soft­ware as a Service”) provid­ed on the servers of its providers for the follow­ing purpos­es: docu­ment stor­age and admin­is­tra­tion, calen­dar manage­ment, e‑mail deliv­ery, spread­sheets and presen­ta­tions, exchange of docu­ments, content and infor­ma­tion with specif­ic recip­i­ents or publi­ca­tion of websites, forms or other content and infor­ma­tion, as well as chats and partic­i­pa­tion in audio and video conferences.

With­in this frame­work, person­al data may be processed and stored on the provider’s servers inso­far as this data is part of commu­ni­ca­tion process­es with us or is other­wise processed by us in accor­dance with this priva­cy poli­cy. This data may include in partic­u­lar master data and contact data of data subjects, data on process­es, contracts, other proceed­ings and their contents. Cloud service providers also process usage data and meta­da­ta that they use for secu­ri­ty and service opti­miza­tion purposes.

If we use cloud services to provide docu­ments and content to other users or publicly acces­si­ble websites, forms, etc., providers may store cook­ies on users’ devices for web analy­sis or to remem­ber user settings (e.g. in the case of media control).

Infor­ma­tion on legal basis — If we ask for permis­sion to use cloud services, the legal basis for process­ing data is consent. Further­more, their use can be a compo­nent of our (pre)contractual services, provid­ed that the use of cloud services has been agreed in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient and secure admin­is­tra­tive and collab­o­ra­tion processes).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Customers, Employ­ees (e.g. Employ­ees, job appli­cants), Prospec­tive customers, Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Office and organ­i­sa­tion­al procedures.
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Newsletter and Electronic Communications

We send newslet­ters, e‑mails and other elec­tron­ic commu­ni­ca­tions (here­inafter referred to as “newslet­ters”) only with the consent of the recip­i­ent or a legal permis­sion. Inso­far as the contents of the newslet­ter are specif­i­cal­ly described with­in the frame­work of regis­tra­tion, they are deci­sive for the consent of the user. Other­wise, our newslet­ters contain infor­ma­tion about our services and us.

In order to subscribe to our newslet­ters, it is gener­al­ly suffi­cient to enter your e‑mail address. We may, howev­er, ask you to provide a name for the purpose of contact­ing you person­al­ly in the newslet­ter or to provide further infor­ma­tion if this is required for the purpos­es of the newsletter.

Double opt-in proce­dure: The regis­tra­tion to our newslet­ter takes place in gener­al in a so-called Double-Opt-In proce­dure. This means that you will receive an e‑mail after regis­tra­tion asking you to confirm your regis­tra­tion. This confir­ma­tion is neces­sary so that no one can regis­ter with exter­nal e‑mail addresses.

The regis­tra­tions for the newslet­ter are logged in order to be able to prove the regis­tra­tion process accord­ing to the legal require­ments. This includes stor­ing the login and confir­ma­tion times as well as the IP address. Like­wise the changes of your data stored with the dispatch service provider are logged.

Dele­tion and restric­tion of process­ing: We may store the unsub­scribed email address­es for up to three years based on our legit­i­mate inter­ests before delet­ing them to provide evidence of prior consent. The process­ing of these data is limit­ed to the purpose of a possi­ble defense against claims. An indi­vid­ual dele­tion request is possi­ble at any time, provid­ed that the former exis­tence of a consent is confirmed at the same time. In the case of an oblig­a­tion to perma­nent­ly observe an objec­tion, we reserve the right to store the e‑mail address sole­ly for this purpose in a blocklist.

Infor­ma­tion on legal bases: The send­ing of the newslet­ter is based on the consent of the recip­i­ents or, if consent is not required, on the basis of our legit­i­mate inter­ests in direct market­ing. Inso­far as we engage a service provider for send­ing e‑mails, this is done on the basis of our legit­i­mate inter­ests. The regis­tra­tion proce­dure is record­ed on the basis of our legit­i­mate inter­ests for the purpose of demon­strat­ing that it has been conduct­ed in accor­dance with the law.

Contents: Infor­ma­tion about us, our services, promo­tions and offers.

Analy­sis and perfor­mance measure­ment: The newslet­ters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from our serv­er when the newslet­ter is opened or, if we use a mail­ing service provider, from its serv­er. With­in the scope of this retrieval, tech­ni­cal infor­ma­tion such as infor­ma­tion about the brows­er and your system, as well as your IP address and time of retrieval are first collected.

This infor­ma­tion is used for the tech­ni­cal improve­ment of our newslet­ter on the basis of tech­ni­cal data or target groups and their read­ing behav­iour on the basis of their retrieval points (which can be deter­mined with the help of the IP address) or access times. This analy­sis also includes deter­min­ing whether newslet­ters are opened, when they are opened and which links are clicked. For tech­ni­cal reasons, this infor­ma­tion can be assigned to the indi­vid­ual newslet­ter recip­i­ents. It is, howev­er, neither our endeav­our nor, if used, that of the ship­ping service provider to observe indi­vid­ual users. The eval­u­a­tions serve us much more to recog­nize the read­ing habits of our users and to adapt our content to them or to send differ­ent content accord­ing to the inter­ests of our users.

The eval­u­a­tion of the newslet­ter and the measure­ment of success is carried out, subject to the express consent of the user, on the basis of our legit­i­mate inter­ests for the purpos­es of using a user-friend­ly and secure newslet­ter system which serves both our busi­ness inter­ests and the expec­ta­tions of the user.

A sepa­rate objec­tion to the perfor­mance measure­ment is unfor­tu­nate­ly not possi­ble, in this case the entire newslet­ter subscrip­tion must be cancelled or object­ed to.

Send­ing via text messages: The elec­tron­ic commu­ni­ca­tions can also be sent via text messages (or are sent exclu­sive­ly via text messages, if the send­ing autho­riza­tion, e.g., consent, only includes send­ing via SMS).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Usage data (e.g. websites visit­ed, inter­est in content, access times).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Direct market­ing (e.g. by e‑mail or postal).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).
  • Opt-Out: You can cancel the receipt of our newslet­ter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newslet­ter either at the end of each newslet­ter or you can other­wise use one of the contact options list­ed above, prefer­ably e‑mail.

 

Commercial Communication by E‑Mail, Postal Mail, Fax or Telephone

We process person­al data for the purpos­es of promo­tion­al commu­ni­ca­tion, which may be carried out via vari­ous chan­nels, such as e‑mail, tele­phone, post or fax, in accor­dance with the legal requirements.

The recip­i­ents have the right to with­draw their consent at any time or to object to the adver­tis­ing commu­ni­ca­tion at any time.

After with­draw­al or objec­tion, we may store the data required to prove consent for up to three years on the basis of our legit­i­mate inter­ests before we delete them. The process­ing of these data is limit­ed to the purpose of a possi­ble defense against claims. An indi­vid­ual dele­tion request is possi­ble at any time, provid­ed that the former exis­tence of a consent is affirmed.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Direct market­ing (e.g. by e‑mail or postal).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Surveys and Questionnaires

The surveys and ques­tion­naires (“surveys”) carried out by us are eval­u­at­ed anony­mous­ly. Person­al data is only processed inso­far as this is neces­sary for the provi­sion and tech­ni­cal execu­tion of the survey (e.g. process­ing the IP address to display the survey in the user’s brows­er or to enable a resump­tion of the survey with the aid of a tempo­rary cook­ie (session cook­ie)) or partic­i­pants have consented.

Infor­ma­tion on legal basis: If we ask the partic­i­pants for their consent to the process­ing of their data, this is the legal basis for the process­ing, other­wise the process­ing of the partic­i­pants’ data is based on our legit­i­mate inter­ests in conduct­ing an objec­tive survey.

  • Processed data types: Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.), Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Contact requests and commu­ni­ca­tion, Direct market­ing (e.g. by e‑mail or postal), Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Feed­back (e.g. collect­ing feed­back via online form).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Web Analysis, Monitoring and Optimization

Web analy­sis is used to eval­u­ate the visi­tor traf­fic on our website and may include the behav­iour, inter­ests or demo­graph­ic infor­ma­tion of users, such as age or gender, as pseu­do­ny­mous values. With the help of web analy­sis we can e.g. recog­nize, at which time our online services or their func­tions or contents are most frequent­ly used or request­ed for repeat­ed­ly, as well as which areas require optimization.

In addi­tion to web analy­sis, we can also use test proce­dures, e.g. to test and opti­mize differ­ent versions of our online services or their components.

For these purpos­es, so-called user profiles can be creat­ed and stored in a file (so-called “cook­ie”) or simi­lar proce­dures in which the rele­vant user infor­ma­tion for the afore­men­tioned analy­ses is stored. This infor­ma­tion may include, for exam­ple, content viewed, web pages visit­ed and elements and tech­ni­cal data used there, such as the brows­er used, comput­er system used and infor­ma­tion on times of use. If users have consent­ed to the collec­tion of their loca­tion data, these may also be processed, depend­ing on the provider.

The IP address­es of the users are also stored. Howev­er, we use any exist­ing IP mask­ing proce­dure (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to protect the user. In gener­al, with­in the frame­work of web analy­sis, A/B test­ing and opti­mi­sa­tion, no user data (such as e‑mail address­es or names) is stored, but pseu­do­nyms. This means that we, as well as the providers of the soft­ware used, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their profiles for the purpos­es of the respec­tive processes.

Infor­ma­tion on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the process­ing is consent. Further­more, the process­ing can be a compo­nent of our (pre)contractual services, provid­ed that the use of the third party was agreed with­in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, econom­ic and recip­i­ent friend­ly services). In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visi­tors), Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Conver­sion track­ing (Measure­ment of the effec­tive­ness of market­ing activ­i­ties), Profil­ing (Creat­ing user profiles).
  • Secu­ri­ty measures: IP Mask­ing (Pseu­do­nymiza­tion of the IP address).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Onlinemarketing

We process person­al data for the purpos­es of online market­ing, which may include in partic­u­lar the market­ing of adver­tis­ing space or the display of adver­tis­ing and other content (collec­tive­ly referred to as “Content”) based on the poten­tial inter­ests of users and the measure­ment of their effectiveness.

For these purpos­es, so-called user profiles are creat­ed and stored in a file (so-called “cook­ie”) or simi­lar proce­dure in which the rele­vant user infor­ma­tion for the display of the afore­men­tioned content is stored. This infor­ma­tion may include, for exam­ple, content viewed, websites visit­ed, online networks used, commu­ni­ca­tion part­ners and tech­ni­cal infor­ma­tion such as the brows­er used, comput­er system used and infor­ma­tion on usage times. If users have consent­ed to the collec­tion of their side­line data, these can also be processed.

The IP address­es of the users are also stored. Howev­er, we use provid­ed IP mask­ing proce­dures (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to ensure the protec­tion of the user’s by using a pseu­do­nym. In gener­al, with­in the frame­work of the online market­ing process, no clear user data (such as e‑mail address­es or names) is secured, but pseu­do­nyms. This means that we, as well as the providers of online market­ing proce­dures, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their profiles.

The infor­ma­tion in the profiles is usual­ly stored in the cook­ies or simi­lar memo­riz­ing proce­dures. These cook­ies can later, gener­al­ly also on other websites that use the same online market­ing tech­nol­o­gy, be read and analyzed for purpos­es of content display, as well as supple­ment­ed with other data and stored on the serv­er of the online market­ing tech­nol­o­gy provider.

Excep­tion­al­ly, clear data can be assigned to the profiles. This is the case, for exam­ple, if the users are members of a social network whose online market­ing tech­nol­o­gy we use and the network links the profiles of the users in the afore­men­tioned data. Please note that users may enter into addi­tion­al agree­ments with the social network providers or other service providers, e.g. by consent­ing as part of a regis­tra­tion process.

As a matter of prin­ci­ple, we only gain access to summarised infor­ma­tion about the perfor­mance of our adver­tise­ments. Howev­er, with­in the frame­work of so-called conver­sion measure­ment, we can check which of our online market­ing process­es have led to a so-called conver­sion, i.e. to the conclu­sion of a contract with us. The conver­sion measure­ment is used alone for the perfor­mance analy­sis of our market­ing activities.

Unless other­wise stat­ed, we kind­ly ask you to consid­er that cook­ies used will be stored for a peri­od of two years.

Infor­ma­tion on legal basis: If we ask users for their consent (e.g. in the context of a so-called “cook­ie banner consent”), the legal basis for process­ing data for online market­ing purpos­es is this consent. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and econom­ic oper­a­tion of our online services. In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services), Prospec­tive customers.
  • Purpos­es of Process­ing: Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Conver­sion track­ing (Measure­ment of the effec­tive­ness of market­ing activ­i­ties), Inter­est-based and behav­ioral market­ing, Profil­ing (Creat­ing user profiles), Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty measures: IP Mask­ing (Pseu­do­nymi­sa­tion of the IP address).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).We refer to the priva­cy poli­cies of the respec­tive service providers and the possi­bil­i­ties for objec­tion (so-called “opt-out”). If no explic­it opt-out option has been spec­i­fied, it is possi­ble to deac­ti­vate cook­ies in the settings of your brows­er. Howev­er, this may restrict the func­tions of our online offer. We there­fore recom­mend the follow­ing addi­tion­al opt-out options, which are offered collec­tive­ly for each area:a) Europe: https://www.youronlinechoices.eu. b) Cana­da: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region­al: https://optout.aboutads.info.

 

Services and service providers being used:

    • Online market­ing and web analyt­ics; Service provider: Google Ireland Limit­ed, Gordon House, Barrow Street, Dublin 4, Ireland, parent compa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Website:

https://marketingplatform.google.com/intl/en/about/analytics/

    • ; Priva­cy Policy:

https://policies.google.com/privacy

    • ; Opt-Out: Opt-Out-Plugin:

https://tools.google.com/dlpage/gaoptout?hl=en

    • , Settings for the Display of Advertisements:

https://adssettings.google.com/authenticated

 

Rating Platforms

We partic­i­pate in rating proce­dures to eval­u­ate, opti­mise and adver­tise our perfor­mance. If users rate us via the partic­i­pat­ing rating plat­forms or meth­ods or other­wise provide feed­back, the Gener­al Terms and Condi­tions of Busi­ness or Use and the data protec­tion infor­ma­tion of the providers also apply. As a rule, the rating also requires regis­tra­tion with the respec­tive provider.

In order to ensure that the eval­u­a­tors have actu­al­ly made use of our services, we trans­mit, with the consent of the customer, the neces­sary data relat­ing to the customer and the service or prod­ucts used to the respec­tive rating plat­form (this includes the name, e‑mail address, order number or arti­cle number). This data is used sole­ly to veri­fy the authen­tic­i­ty of the user.

  • Processed data types: Contract data (e.g. contract object, dura­tion, customer cate­go­ry), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Customers, Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Feed­back (e.g. collect­ing feed­back via online form).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Profiles in Social Networks (Social Media)

We main­tain online pres­ences with­in social networks and process user data in this context in order to commu­ni­cate with the users active there or to offer infor­ma­tion about us.
We would like to point out that user data may be processed outside the Euro­pean Union. This may entail risks for users, e.g. by making it more diffi­cult to enforce users’ rights.

In addi­tion, user data is usual­ly processed with­in social networks for market research and adver­tis­ing purpos­es. For exam­ple, user profiles can be creat­ed on the basis of user behav­iour and the asso­ci­at­ed inter­ests of users. The user profiles can then be used, for exam­ple, to place adver­tise­ments with­in and outside the networks which are presumed to corre­spond to the inter­ests of the users. For these purpos­es, cook­ies are usual­ly stored on the user’s comput­er, in which the user’s usage behav­iour and inter­ests are stored. Further­more, data can be stored in the user profiles inde­pen­dent­ly of the devices used by the users (espe­cial­ly if the users are members of the respec­tive networs or will become members later on).

For a detailed descrip­tion of the respec­tive process­ing oper­a­tions and the opt-out options, please refer to the respec­tive data protec­tion decla­ra­tions and infor­ma­tion provid­ed by the providers of the respec­tive networks.

Also, in the case of requests for infor­ma­tion and the exer­cise of rights of data subjects, we point out that these can be most effec­tive­ly pursued with the providers. Only the providers have access to the data of the users and can direct­ly take appro­pri­ate measures and provide infor­ma­tion. If you still need help, please do not hesi­tate to contact us.

Face­book: We are joint­ly respon­si­ble (so called “joint controller”) with Face­book Ireland Ltd. for the collec­tion (but not the further process­ing) of data of visi­tors to our Face­book page. This data includes infor­ma­tion about the types of content users view or inter­act with, or the actions they take (see “Things that you and others do and provide” in the Face­book Data Poli­cy: https://www.facebook.com/policy), and infor­ma­tion about the devices used by users (e.g., IP address­es, oper­at­ing system, brows­er type, language settings, cook­ie infor­ma­tion; see “Device Infor­ma­tion” in the Face­book Data Poli­cy: https://www.facebook.com/policy). As explained in the Face­book Data Poli­cy under “How we use this infor­ma­tion?” Face­book also collects and uses infor­ma­tion to provide analyt­ics services, known as “page insights,” to site oper­a­tors to help them under­stand how people inter­act with their pages and with content asso­ci­at­ed with them. We have conclud­ed a special agree­ment with Face­book (“Infor­ma­tion about Page-Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regu­lates in partic­u­lar the secu­ri­ty measures that Face­book must observe and in which Face­book has agreed to fulfill the rights of the persons concerned (i.e. users can send infor­ma­tion access or dele­tion requests direct­ly to Face­book). The rights of users (in partic­u­lar to access to infor­ma­tion, erasure, objec­tion and complaint to the compe­tent super­vi­so­ry author­i­ty) are not restrict­ed by the agree­ments with Face­book. Further infor­ma­tion can be found in the “Infor­ma­tion about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Contact requests and commu­ni­ca­tion, Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visitors).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Plugins and embedded functions and content

With­in our online services, we inte­grate func­tion­al and content elements that are obtained from the servers of their respec­tive providers (here­inafter referred to as “third-party providers”). These may, for exam­ple, be graph­ics, videos or social media buttons as well as contri­bu­tions (here­inafter uniform­ly referred to as “Content”).

The inte­gra­tion always presup­pos­es that the third-party providers of this content process the IP address of the user, since they could not send the content to their brows­er with­out the IP address. The IP address is there­fore required for the presen­ta­tion of these contents or func­tions. We strive to use only those contents, whose respec­tive offer­ers use the IP address only for the distri­b­u­tion of the contents. Third parties may also use so-called pixel tags (invis­i­ble graph­ics, also known as “web beacons”) for statis­ti­cal or market­ing purpos­es. The “pixel tags” can be used to eval­u­ate infor­ma­tion such as visi­tor traf­fic on the pages of this website. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing system, refer­ring websites, visit times and other infor­ma­tion about the use of our website, as well as may be linked to such infor­ma­tion from other sources.

Infor­ma­tion on legal basis: If we ask users for their consent (e.g. in the context of a so-called “cook­ie banner consent”), the legal basis for process­ing is this consent. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and econom­ic oper­a­tion of our online services. We refer you to the note on the use of cook­ies in this priva­cy policy.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Loca­tion data (Infor­ma­tion on the geograph­i­cal posi­tion of a device or person), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos).
  • Data subjects: Users (e.g. website visi­tors, users of online services), Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Provi­sion of our online services and usabil­i­ty, Provi­sion of contrac­tu­al services and customer support, Contact requests and commu­ni­ca­tion, Direct market­ing (e.g. by e‑mail or postal), Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Inter­est-based and behav­ioral market­ing, Profil­ing (Creat­ing user profiles).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Consent (Arti­cle 6 (1) (a) GDPR).

 

Services and service providers being used:

  • Google Fonts: We inte­grate the fonts (“Google Fonts”) of the provider Google, where­by the data of the users are used sole­ly for purpos­es of the repre­sen­ta­tion of the fonts in the brows­er of the users. The inte­gra­tion takes place on the basis of our legit­i­mate inter­ests in a tech­ni­cal­ly secure, main­te­nance-free and effi­cient use of fonts, their uniform presen­ta­tion and consid­er­a­tion of possi­ble licens­ing restric­tions for their inte­gra­tion. Service provider: Google Ireland Limit­ed, Gordon House, Barrow Street, Dublin 4, Ireland, parent compa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Website: https://fonts.google.com/; Priva­cy Poli­cy: https://policies.google.com/privacy.
  • Google Maps: We inte­grate the maps of the service “Google Maps” from the provider Google. The data processed may include, in partic­u­lar, IP address­es and loca­tion data of users, which are not collect­ed with­out their consent (usual­ly with­in the frame­work of the settings of their mobile devices); Service provider: Google Ireland Limit­ed, Gordon House, Barrow Street, Dublin 4, Ireland, parent compa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Priva­cy Poli­cy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plug­in: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Adver­tise­ments: https://adssettings.google.com/authenticated.
  • LinkedIn plug­ins and contents: LinkedIn plug­ins and contents — This can include content such as images, videos or text and buttons with which users can share content from this online service with­in LinkedIn. Service provider: LinkedIn Ireland Unlim­it­ed Compa­ny, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Priva­cy Poli­cy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Planning, Organization and Utilities

We use services, plat­forms and soft­ware from other providers (here­inafter referred to as ” third-party providers”) for the purpos­es of orga­niz­ing, admin­is­ter­ing, plan­ning and provid­ing our services. When select­ing third-party providers and their services, we comply with the legal requirements.

With­in this context, person­al data may be processed and stored on the servers of third-party providers. This may include vari­ous data that we process in accor­dance with this priva­cy poli­cy. This data may include in partic­u­lar master data and contact data of users, data on process­es, contracts, other process­es and their contents.

If users are referred to the third-party providers or their soft­ware or plat­forms in the context of commu­ni­ca­tion, busi­ness or other rela­tion­ships with us, the third-party provider process­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty purpos­es, service opti­mi­sa­tion or market­ing purpos­es. We there­fore ask you to read the data protec­tion notices of the respec­tive third-party providers.

Infor­ma­tion on legal basis: If we ask the users for their consent to the use of third-party providers, the legal basis of the process­ing is consent. Further­more, the process­ing can be a compo­nent of our (pre)contractual services, provid­ed that the use of the third party was agreed with­in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, econom­ic and recip­i­ent friend­ly services). In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.), Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Contact requests and communication.
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Deletion of data

The data processed by us will be delet­ed in accor­dance with the statu­to­ry provi­sions as soon as their process­ing is revoked or other permis­sions no longer apply (e.g. if the purpose of process­ing this data no longer applies or they are not required for the purpose).

If the data is not delet­ed because they are required for other and legal­ly permis­si­ble purpos­es, their process­ing is limit­ed to these purpos­es. This means that the data will be restrict­ed and not processed for other purpos­es. This applies, for exam­ple, to data that must be stored for commer­cial or tax reasons or for which stor­age is neces­sary to assert, exer­cise or defend legal claims or to protect the rights of anoth­er natur­al or legal person.

Further infor­ma­tion on the erasure of person­al data can also be found in the indi­vid­ual data protec­tion notices of this priva­cy policy.

Changes and Updates to the Priva­cy Policy
We kind­ly ask you to inform your­self regu­lar­ly about the contents of our data protec­tion decla­ra­tion. We will adjust the priva­cy poli­cy as changes in our data process­ing prac­tices make this neces­sary. We will inform you as soon as the changes require your coop­er­a­tion (e.g. consent) or other indi­vid­ual notification.

If we provide address­es and contact infor­ma­tion of compa­nies and orga­ni­za­tions in this priva­cy poli­cy, we ask you to note that address­es may change over time and to veri­fy the infor­ma­tion before contact­ing us.

Rights of Data Subjects
As data subject, you are enti­tled to vari­ous rights under the GDPR, which arise in partic­u­lar from Arti­cles 15 to 21 of the GDPR:

  • Right to Object: You have the right, on grounds aris­ing from your partic­u­lar situ­a­tion, to object at any time to the process­ing of your person­al data which is based on letter (e) or (f) of Arti­cle 6(1) GDPR , includ­ing profil­ing based on those provi­sions. Where person­al data are processed for direct market­ing purpos­es, you have the right to object at any time to the process­ing of the person­al data concern­ing you for the purpose of such market­ing, which includes profil­ing to the extent that it is relat­ed to such direct marketing.
  • Right of with­draw­al for consents: You have the right to revoke consents at any time.
  • Right of access: You have the right to request confir­ma­tion as to whether the data in ques­tion will be processed and to be informed of this data and to receive further infor­ma­tion and a copy of the data in accor­dance with the provi­sions of the law.
  • Right to recti­fi­ca­tion: You have the right, in accor­dance with the law, to request the comple­tion of the data concern­ing you or the recti­fi­ca­tion of the incor­rect data concern­ing you.
  • Right to Erasure and Right to Restric­tion of Process­ing: In accor­dance with the statu­to­ry provi­sions, you have the right to demand that the rele­vant data be erased imme­di­ate­ly or, alter­na­tive­ly, to demand that the process­ing of the data be restrict­ed in accor­dance with the statu­to­ry provisions.
  • Right to data porta­bil­i­ty: You have the right to receive data concern­ing you which you have provid­ed to us in a struc­tured, common and machine-read­able format in accor­dance with the legal require­ments, or to request its trans­mis­sion to anoth­er controller.
  • Complaint to the super­vi­so­ry author­i­ty: You also have the right, under the condi­tions laid down by law, to lodge a complaint with a super­vi­so­ry author­i­ty, in partic­u­lar in the Member State of your habit­u­al resi­dence, place of work or place of the alleged infringe­ment if you consid­er that the process­ing of person­al data relat­ing to you infringes the GDPR.

 

Terminology and Definitions

This section provides an overview of the terms used in this priva­cy poli­cy. Many of the terms are drawn from the law and defined main­ly in Arti­cle 4 GDPR. The legal defi­n­i­tions are bind­ing. The follow­ing expla­na­tions, on the other hand, are intend­ed above all for the purpose of compre­hen­sion. The terms are sort­ed alphabetically.

  • Controller: “Controller” means the natur­al or legal person, public author­i­ty, agency or other body which, alone or joint­ly with others, deter­mines the purpos­es and means of the process­ing of person­al data.
  • Conver­sion track­ing: Conver­sion track­ing is a method used to eval­u­ate the effec­tive­ness of market­ing measures. For this purpose, a cook­ie is usual­ly stored on the devices of the users with­in the websites on which the market­ing measures take place and then called up again on the target website (e.g. we can thus trace whether the adver­tise­ments placed by us on other websites were successful).
  • IP Mask­ing: IP mask­ing is a method by which the last octet, i.e. the last two numbers of an IP address, are delet­ed so that the IP address alone can no longer be used to unique­ly iden­ti­fy a person. IP mask­ing is there­fore a means of pseu­do­nymis­ing process­ing meth­ods, partic­u­lar­ly in online marketing.
  • Inter­est-based and behav­iour­al market­ing: Inter­est-relat­ed and/or behav­iour-relat­ed market­ing is the term used when poten­tial user inter­est in adver­tise­ments and other content is predict­ed if possi­ble. This is done on the basis of infor­ma­tion on the previ­ous behav­iour of users (e.g. visit­ing and stay­ing on certain websites, purchas­ing behav­iour or inter­ac­tion with other users), which is stored in a so-called profile. For these purpose, cook­ies are usual­ly used.
  • Loca­tion data: Loca­tion data is creat­ed when a mobile device (or anoth­er device with the tech­ni­cal require­ments for a loca­tion deter­mi­na­tion) connects to a radio cell, a WLAN or simi­lar tech­ni­cal means and func­tions of loca­tion deter­mi­na­tion. Loca­tion data serve to indi­cate the geograph­i­cal­ly deter­minable posi­tion of the earth at which the respec­tive device is locat­ed. Loca­tion data can be used, for exam­ple, to display map func­tions or other infor­ma­tion depen­dent on a location.
  • Person­al Data: “Person­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able natur­al person (“data subject”); an iden­ti­fi­able natur­al person is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in partic­u­lar by refer­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion number, loca­tion data, an online iden­ti­fi­er or to one or more factors specif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, mental, econom­ic, cultur­al or social iden­ti­ty of that natur­al person.
  • Process­ing: The term “process­ing” covers a wide range and prac­ti­cal­ly every handling of data, be it collec­tion, eval­u­a­tion, stor­age, trans­mis­sion or erasure.
  • Profil­ing: “Profil­ing” means any auto­mat­ed process­ing of person­al data consist­ing in the use of such person­al data to analyse, eval­u­ate or predict certain person­al aspects relat­ing to a natur­al person (depend­ing on the type of profil­ing, this includes infor­ma­tion regard­ing age, gender, loca­tion and move­ment data, inter­ac­tion with websites and their contents, shop­ping behav­iour, social inter­ac­tions with other people) (e.g. inter­ests in certain contents or prod­ucts, click behav­iour on a website or the loca­tion). Cook­ies and web beacons are often used for profil­ing purposes.
  • Remar­ket­ing: Remar­ket­ing” or “retar­get­ing” is the term used, for exam­ple, to indi­cate for adver­tis­ing purpos­es which prod­ucts a user is inter­est­ed in on a website in order to remind the user of these prod­ucts on other websites, e.g. in advertisements.
  • Target­ing: Track­ing” is the term used when the behav­iour of users can be traced across sever­al websites. As a rule, behav­iour and inter­est infor­ma­tion with regard to the websites used is stored in cook­ies or on the servers of the track­ing tech­nol­o­gy providers (so-called profil­ing). This infor­ma­tion can then be used, for exam­ple, to display adver­tise­ments to users presum­ably corre­spond­ing to their interests.
  • Web Analyt­ics: Web Analyt­ics serves the eval­u­a­tion of visi­tor traf­fic of online services and can deter­mine their behav­iour or inter­ests in certain infor­ma­tion, such as content of websites. With the help of web analyt­ics, website owners, for exam­ple, can recog­nize at what time visi­tors visit their website and what content they are inter­est­ed in. This allows them, for exam­ple, to opti­mize the content of the website to better meet the needs of their visi­tors. For purpos­es of web analyt­ics, pseu­do­ny­mous cook­ies and web beacons are frequent­ly used in order to recog­nise return­ing visi­tors and thus obtain more precise analy­ses of the use of an online service.